Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-1556

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.01038EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/03/18 5:40 p.m.33 views

Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS2.6AI score0.01038EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/18 5:40 p.m.24 views

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS4.5AI score0.01038EPSS
Exploits0References2
Veracode
Veracode
added 2021/03/02 5:3 a.m.21 views

Arbitrary File Rewrite

spring-integration-zip is vulnerable to an arbitrary file rewrite aka a zip slip vulnerability. An incomplete fix of CVE-2018-1263 allows an attacker to send a malicious zip archive bzip2, tar, xz, war, cpio, 7z with path traversal filenames, leading to writing of files outside of the target...

5.3CVSS4.5AI score0.01446EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/01 6:15 p.m.20 views

Path traversal

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5CVSS4.7AI score0.01446EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/01 5:23 p.m.44 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.1AI score0.01038EPSS
Exploits0References1
NVD
NVD
added 2018/05/15 8:29 p.m.17 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.7CVSS4.6AI score0.01446EPSS
Exploits0References2
OSV
OSV
added 2018/05/15 8:29 p.m.23 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.7CVSS5AI score0.01446EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/15 8:0 p.m.19 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.6AI score0.01446EPSS
Exploits0References2
CVE
CVE
added 2018/05/15 8:0 p.m.84 views

CVE-2018-1263

CVE-2018-1263 affects spring-integration-zip (prior to 1.0.2 per initial, with later references noting fixes up to 1.0.4). The flaw is a path-traversal during archive extraction, where filenames are concatenated to the target directory, allowing an arbitrary file write outside the intended folder...

4.7CVSS4.8AI score0.01446EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder